event trigger for changes to google workspace users or groups

Question

We're building some integrations with Google Workspace, and I'd like our system to be notified whenever a user/group changes in Google Workspace (user added, user added to group, etc).

I'm looking for something that can notify a webhook or similar about these changes, so I don't have to poll on a schedule.

So far the only thing I've found is the Admin Api's watch endpoint but that requires a known singular user. I'm looking for a way to get notified on any user/group changes in our directory

Any pointers to where I should look would be deeply appreciated!

Answer 1

For anyone else trying to figure this out, it turns out that its possible to do it like this:

• In google workspace, you can enable "audit log sharing" with the corresponding GCP organization (Go to https://admin.google.com/u/1/ac/companyprofile/legal, enable "Google Cloud platform sharing options).
• This will make audit logs searchable in the "logs explorer" in google cloud.
• From there, you can create a log sink to forward logs to a google pub/sub topic (you probably want to configure an inclusion filter for the sink)
• From there it's possible to use dapr.io bindings or similar to receive a stream of events as they occur.